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Abstract 

We discuss a class of binary cyclic codes and their dual codes. The 
minimum distance is determined using algebraic geometry, and an 
application of Weil's theorem. We relate the weights appearing in the 
dual codes to the number of rational points on a family of genus 2 
curves over a finite field. 
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1 Introduction 



Let ¥q be a finite field with q elements. In this article, q will be a power of 
2, say q = 2"^, and a will be a generator for the multiplicative group F*. Let 
mi{x) denote the minimal polynomial of a* over F2. Cyclic codes of length n 
are ideals in F2[x]/(a;" — 1). We use the natural basis 1, x, x^, . . . , x"'~^, and 
we sometimes identify a polynomial cq + cix + ■ — h Cn-ix""^ with the vector 
(co, ci, . . . , Cn-i). We label the coordinates by the elements of F*. 

The cyclic code of length 2™ — 1 generated by mi(x) is called the (bi- 
nary) Hamming code. The cyclic code B = of length 2™ — 1 generated by 
mi{x)m^{x) is called the 2-err or- correcting BCH code. The weights appear- 
ing in the dual code B^ were determined by Kasami There are exactly 
three nonzero weights when m is odd, and five weights when m is even. The 
cyclic code M = of length 2'" — 1 generated by mi(a;)m_i(x) is known as 
the Melas code. The weights appearing in were determined by Lachaud 
and Wolfmann [H] using results on elliptic curves. In contrast to B^, there 
are many weights in M^. Indeed, all even numbers between q/2 — ^/q + 1/2 
and q/2 + +1/2 occur. A uniform treatment of these codes was given 
by Schoof jBi- In his paper Schoof says "It would be very interesting to ex- 
tend the methods of this paper to other families of cyclic codes. This seems 
difficult since it involves, in general, curves of genus larger than 1 ..." 

In this article we consider the cyclic code C = Cm = Bm^Mm, which has 
length 2™' — 1 and is generated by mi(x)m_i(x)m3(x). We assume m > 2 to 
ensure that the three factors of the generator polynomial of C are distinct. 
We will discuss the minimum distance of C in section using algebraic 
geometry. In sections El and ^ we will determine the weights appearing in 
the dual code C"*-, by relating the weights to curves of genus 2, realising 
the suggestion of Schoof in the above quote. For m even we have a precise 
description of all the weights, but not for m odd. The next step would be to 
compute the weight distributions of these codes but this appears to be quite 
difficult. 
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2 The Minimum Distance of the Codes C 



In this section we investigate the minimum distance of C. We show below 
that B has minimum distance 5, and it is not hard to show that M has 
minimum distance 5 when m is odd, and distance 3 when m is even. Since 
C = B n M, one might hope that C has distance 7, at least when m is odd. 
However, we will show that the minimum distance of C is 5 for m > 16. 

The computer algebra package Magma shows that C has minimum dis- 
tance 7 when m = 6, 7, but that d{C) = 5 when m = 5,8, 9. We presume 
that d{C) = 5 when 10 < m < 15 but we have not checked this. 

The roots of the generator polynomial of a cyclic code are called the 
zeros of the code. Determining the minimum distance of a cyclic code from 
its zeros is very difficult in general. One result on this problem is known as 
the BCH bound, see |7j for example. We use wt{c) to denote the weight of a 
codeword c(x). 

Theorem 1 (BCH bound) Let f{x) be a codeword in a binary cyclic code 
of length n = 2"^ — 1. If s consecutive powers of a are roots of f , then 
wt{f) > s + 1. 

It follows from the BCH bound that the 2-error-correcting BCH code 
Bm has (i > 5, since a,a'^,a^,a'^ are roots of mi(x)m3(x). Since C B, 
d{C) > 5. 

A codeword of even weight in C has amongst its roots for j = —2, — 1, 
0, 1,2, 3,4. By the BCH bound this codeword has weight > 8. Thus there 
are no codewords of weight 6 in C. We now study codewords of weight 5. 

We define the polynomials 

f{x, y,z) = x + y + z + x^ + y'^ + z^+ x^y + x^z + y'^x + y'^z + z^x + z^y 

and 

g{x, y, z) = x^y + x'^z + y'^x + y'^z + z^x + z'^y + xyz + xy + xz 
+yz + x^yz + xy'^z + xyz^ 
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over a field of cliaracteristic 2. Let K be tfie algebraic closure of F2. We 
define an algebraic curve X by 

X = {{x, y, z) e : f{x, y,z) = and g{x, y, z) = 0} 

and define to be the set of points on X that have coordinates in F2»». 

Lemma 2 The cyclic code C of length 2™ — 1 has minimum distance 5 if 
and only if there are rational points {x, y, z) on Xm with the property that 
0,l,x,y, z,l + X + y + z are pairwise distinct. 

Proof: A parity check matrix for C is 



1 


a 


. 


■ a' ■■ 




1 




a'' ■ 


■ a^' ■■ 




1 


a-' 


a-2 . 


■ a-' ■■ 





and it follows that codewords of weight 5 with a 1 in position 1 are in one- 
to-one correspondence with field elements x, y, z,w & such that 

1 + x + y + z + w = (1) 
1 + x^ + y^ + z^ + w^ = (2) 
1 + x~^ + y'^ + z'^ + w''^ = (3) 

and 0, 1, X, y, z, w are pairwise distinct. 

Substituting 1 + x + y + z for w in equation Q gives 

1 + x^ + y^ + z^ + {1 + X + y + z)^ = 

or 

x + y + z + x'^ + y'^ + z'^ + x^y + x'^z + y'^x + y'^z + z^x + z^y = 

which leads to the definition of /. 
Multiplying (jS)) by xyzw gives 

xyzw + yzw + xzw + xyw + xyz = 
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and substituting for w now gives 

{1 + X + y + z) {xyz + yz + xz + xy) + xyz — 0. 
Expanding this out leads to 

x y + x z+y x+y z + z x + z y + xyz+xy + xz + yz+x yz+xy z+xyz = 

which is where we obtain the definition of g. 

The proof is complete when we observe that the steps in deriving / and 
g are reversible; given a point on X„i with 0,l,x,y, z,l + x + y + z distinct, 
one can recover a codeword of weight 5 with a 1 in position 1. Since C is 
cyclic, any weight 5 codeword has a cyclic shift with a 1 in position 1. □ 

We will apply Weil's theorem to X. Normally Weil's theorem is applied 
to nonsingular curves, but a straightforward check via the Jacobian matrix 
shows that X has exactly four singular points. However, the nonsingularity 
hypothesis in Weil's theorem can be replaced by absolute irreducibility, and 
we show next that this indeed holds for our curve X. 

Lemma 3 The curve X is absolutely irreducible. 

Proof: Define 

a{x, y) = I + X + y, c{x, y) = xy + x + y, 

and 

h{x, y)^{y^ + y + l)x^ + {y^ + l)x^ + {y^ + y)x + + y'). 

With / and g as above, we verify that ag + cf = h, which is independent of 
z. It is straightforward to check that h is absolutely irreducible. (This can 
be done by hand or using a computer package such as Magma. Since h is of 
degree 3 in x it is enough to check irreducibility over Fg. Magma also shows 
that h — has genus 3.) 
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Let Y be the plane curve h = 0. Since / = az"^ + a'^z + b and g = 
cz'^ + acz + d for some polynomials b{x,y) and d{x,y), projection on the 
x,y plane gives a map from X to Y, which is of degree 2. Since we already 
know that Y is absolutely irreducible, we get that either X is also absolutely 
irreducible or it has two components. 

Let w be a primitive 3rd root of 1 in GF{4). Then h{w,w'^) = while 
hx{w,w'^) = w and hy{w,w^) = w"^. So the point {w,w'^) is a smooth point 
of Y with tangent y = w'^x + w. 

In the equation / = make the substitution v = z/a, and the equation 
becomes v"^ + v = b/a^. 

Consider b/a^ as a function on Y, and consider its behaviour near the 
point {w,w^). Note that a vanishes at {w,w'^) but since a = is not the 
tangent to Y at the function a has a simple zero at On 

the other hand b{w^w'^) = 1, so b/a^ has a triple pole at However, 
if f ^ + f has a pole at a point P then the pole must have even order (the 
order is 2t, where t is the order of f at P). Thus there cannot be a function 
f on y with v"^ + V = b/a^. This means that the polynomial + v + b/a^ 
is irreducible over the function field of Y, which entails that X is absolutely 
irreducible. □ 

Theorem 4 The cyclic code C of length 2™ — 1 has minimum distance 5 for 
all m > 16. 

Proof: By Lemma El we must show that X^ has points (x, y, z) with 
0,l,x,y, z,l + X + y + z distinct, for all m sufficiently large. By LemmaElwe 
know that Xm is absolutely irreducible. Let Nm = \Xm\- By Weil's theorem. 



where g is the genus of (a smooth model of) X and C is a constant indepen- 
dent of m which can be given in terms of the degree of X. 

The number of points on Xm such that 0,l,x,y,z,l + x + y + z are not 
distinct is 4. This is straightforward to check using such factorizations as 




+ C 
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f{0,y, z) = {y + l){z + l){y + z), and we omit the details (the four points 
are (0,0,0), (1,0,0), (0,1,0), and (0,0,1)). 

It follows from the previous two paragraphs that there are points on Xm 
with 0,l,x,y,z,l + x + y + z distinct for all m sufficiently large. 

Using a refined version of Weil's theorem from jl], we obtain \Nm — (2™ + 
1)1 < 220v/2™^. It follows from this inequality that A^^ > 4 once m > 16. □ 

It can be easily shown that the genus of X is between 11 and 13, but we 
have not computed its exact value. 



3 The Weights in the Dual Codes C , m even 

Let g = 2™. By Delsarte's theorem (see [S] or [7j), 

C-L = {(Tr{a/x + bx + cx^)):re¥* -.a^b^cE ¥q}. 

Knowing the weights in C"*" is equivalent to knowing how many O's are in 
a typical codeword. By Hilbert's Theorem 90, we want to know how many 
solutions there are to 

y"^ + y = - + bx + cx^ (4) 

X 

over F2™. If we denote by the number of rational points in a complete 
smooth model of the above curve then the weight of the vector whose entries 
are Tr{a/x + bx + cx^) as we vary x G F*, is g — 1 — (A^ — 2)/2 = q — N/2. 

Recall that every curve has an abelian variety associated to it called its 
Jacobian. An abelian variety A over a field of characteristic p > is said to 
have p-rank s if the subgroup of points of order p of A (over an algebraically 
closed field of definition) has cardinality p*. By the two-rank of a curve we 
mean the two-rank of its Jacobian. 
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Lemma 5 Curves of the form @ can be characterised as curves defined over 
of genus 2, two-rank 1, whose number of rational points is divisible by 4. 

Proof: From [2 , it follows that a curve of genus 2 and two-rank 1 has 
an equation y"^ + y = a/x + bx + cx^ + d. Let us now show that we may 
take d = when = mod 4. As the number of points is zero modulo 4, 
ExGF* Tr{a/x+bx+cx^+d) = 0. But Y.x&* ^/x = Exgf* ^ = ExeF* = 0' 
if g > 4 so we get Tr{d) = and d = e'^ + e for some e and a change of variable 
y ^ y + e puts the equation in the form stated with d = 0. Conversely, if 
d = then = (mod 4) as ZI^gf* Tr{a/x + bx + cx^) = 0. □ 

An abelian variety is called simple if is not isogenous to a product of 
abelian varieties of smaller dimension. Maisner and Nart classified which 
isogeny classes of simple abelian surfaces of p-rank one contain Jacobians. 

Theorem 6 (Maisner- Nart, 16]) Let g = 2"*. There exists a curve of the 
form with N = q + 1 + ai points over and simple Jacobian if and 
only if 

1. ai is odd 

2. \ai\ < 4^ 

3. there exists an integer 02 such that 

(a) 2|ai|^ - 2g < a2 < al/A + 2g 

(b) 02 is divisible by 21^™/^^ 

(c) A = — 4a2 + 8g is not a square in Z 

(d) (5 = (a2 + 2g)^ — Aqal is not a square in Z2. 

This statement combines Lemma 2.1, Theorem 2.9 part (M) and Corollary 
2.17 of i6|, and our LemmaEl 

Lemma 7 Let q = where m is even. Then each even number in the 
interval [q/2 — 2^ + q^ — 1/2, q/2 + 2y/g — — 1/2] occurs as a weight in 
C"*", and these weights arise from curves of type @ whose Jacobian is simple. 
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Proof: Assume that m is even. If ai, 02 satisfy the conditions of theorem 
Elthen |ai| < 4^-2^^/^. Indeed, if aa = 2|ai|^-2g then A = (|ai|+4^)2 
is a square, so it is ruled out. Thus 2|ai|yg — 2q + ^/q < a2 < a^/4 + 2q, 
which leads to the stated inequality. 

Conversely, if ai satisfies the inequality |ai| < Ay/q — 2q^^'^, let 02 = 
2|ai|^/g — 2q + y^. We must check that A and 6 are not squares in Z and 
Z2 respectively. 

First, substitution gives A = {A^/q— \ai\Y — Ay/q. Suppose A = where 
t is a positive integer. Then (4y/g — |ai| — t)(4y/g— |ai| +t) = 4y/g. By unique 
factorization in Z, we conclude 4^ — |ai| — t = 2^^ and 4y/g — |ai| + t = 2^ 
for some positive integers k and i with k + i = 2 + m/2. Adding gives 
2(4y/g — |ai|) = 2^ + 2^. Since ai is odd, one of k and i must be 1. li i = 1, 
then 4y/g— |ai| + t = 2, so 4y/g— |ai| = t = 1, a contradiction. Suppose now 
that k = 1 (so i = 1 + m/2). It follows that t = A^/q — |ai| — 2. Substituting 
this value for t into A^/q — |ai| + t = 2^ yields |ai| = 3y/q — 1. Thus, if 
1^1 1 7^ 3^ — 1 we have shown that A is not a square. 

If I ail = 3^—1 then choose 02 = 2\ai\y/q—2q+2y/q. A similar argument 
as above leads to a contradiction. 

Next, substituting for 02 gives 

5={a2 + 2qf - Aqai = i2\ai\^+^y - Aqaj = q{l + 4|ai|). 

It is well known (see |0] ch. II for example) that an element 2''"u (where u is 
a unit) of Z2 is a square if and only if r is even and u = 1 (mod 8). Since 
tti is odd it follows that 6 is not a square. A similar argument works in the 
case a2 = 2\ai\y/q — 2q + 2y/q. 

□ 

We still need to analyse which weights come from curves whose Jacobian 
is non-simple. We do this in the proof of theorem |H| We note that by [H] 
corollary 2.17 the field of definition does not matter to determine simplicity. 

Theorem 8 Let q = 2^ where m is even, let I = [q/2 — 2y/g, q/2 + 2^— 1] 
and J = [q/2 — 2^ + — |,g/2 + 2^ — — \\- Then all weights in 
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C are even integers in I. All even integers in J do occur as weights, and 
an even integer in I \ J occurs as a weight if and only if it has the form 
g/2 + (±2y^+a+ 1)/2 where a = 3 (mod 4) and ±2^ — a is not squarefree. 

Proof: We continue the notation from before. The weights are the num- 
bers q — N/2, where = g + 1 + ai ranges over the number of points 
on curves of type Q. From theorem |H1 Oi is odd and |ai| < 4y^. Thus 
— + 1 < cti < 4:y/q — 1, and this is equivalent to saying that the weights 
he in /. All weights in C*-*" are even since 1 is a zero of the code. (This entails 

= (mod 4), which means ai = 3 (mod 4).) 

By Lemma [7| all weights in J do occur as weights. 

We now study curves of type whose Jacobian is not simple. In this case 
the Jacobian must be isogenous to E' x E, where E' is an elliptic curve of two- 
rank (a supersingular elliptic curve) and E is an elliptic curve of two-rank 
1 (an ordinary elliptic curve). It is known (see [S] for example) that a super- 
singular elliptic curve E' has g + 1 — a' points, where a' G {0, ^^/q, ±2y/g} 
(as m is even). It is also known by results of Honda and Tate that an or- 
dinary elliptic curve E exists with q + 1 — a points whenever a is odd and 

< We will investigate when we can construct a curve of genus 2 

having A^ = g + 1 — a' — a points over whose Jacobian is isogenous to 
E' X E. To do this we apply the construction of [Sj, section 1. There it is 
proved that such a curve exists if and only if, for some odd prime p, there is 
an isomorphism of Galois modules between E'\p\ and E\p\ reversing the Weil 
pairing. 

We will restrict ourselves to the case that E' has g + 1 ± 2y/q points. 
In the other cases the construction can be done whenever a — a' ^ ±1 but 
it leads to weights in the interval J, which are therefore not interesting for 
our purposes. Returning to the case in question, the action of Frobenius on 
E'\p\ is multiplication by a scalar k = ^^/q. We need to have the same be 
true of E[p], and then any isomorphism of groups between E'[p] and E[p] 
reversing the Weil pairing will automatically preserve Galois action and we 
will be done. 
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To have Frobcnius on E[p] be multiplication by k we must have k"^ — ak + 
q = mod p^. Indeed, A;^ — ak + q is the number of points in the kernel of 
TT — k on E, where tt denotes the Frobenius automorphism on E. Conversely, 
ii k'^ — ak + q = mod p^, we will show that either Frobenius on E[p] is 
multiplication by k or there is an elliptic curve isogenous to E with this 
property. The congruence implies that the characteristic polynomial of n on 
E[p] is {x — k)^. Assume now that Frobenius on E\p\ is not multiplication 
by k. Then tt — k has a kernel F on E[p] which is also the image of tt — k 
on E[p\. Thus F is invariant under tt and hence E = E /T is defined over 
and is isogenous to E. Now tt — k — on E\p]/r C E\p] and by the same 
argument as above (since the congruence holds modulo p^) tt — A; = on a 
cyclic subgroup of Elp^] which projects to a different subgroup of E\p], thus 
TT — k — on E\p\. To summarize, we can construct the curve of genus two 
if a' = a mod for some prime p, when a' — ±2^. 

Therefore a value of ai — ±2y^ + a is realisable from this construction 
if and only if ±2y^ — a is not squarefree. □ 



Here arc the lists of weights in a few cases. 



Q 


2^ 


28 


210 


212 


I 


[16,47] 


[96, 159] 


[448, 575] 


[1920, 2175] 


J 


[19, 44] 


[100, 155] 


[454, 569] 


[1928,2167] 


weights in / \ J 


none 


none 


452 


1924 



We point out that the weights are not necessarily all the even numbers 
in an interval, as illustrated by the q — 2^^ case. 

4 The Weights in the Dual Codes C^, m odd 

Let us consider now the case m odd. 

Theorem 9 Let q = 2™ where m is odd, let I = [q/2- [2^J , q/2+ [2^J -1] 
and J = [q/2 - 2^+ (8g)3 - |,g/2 + 2^- {8q)^ - i]. Then all weights 
in are even integers in I, and all even integers in J do occur as weights. 



11 



Proof: We need only to consider the values of ai afforded by Theorem 
ini since the curves with split Jacobian will have number of points of the 
form g + l + a,g + l± ^/2q + a, for some a satisfying \a\ < 2y/q which will 
lead to weights in J. Note also that we can improve the inequality on ai to 
1^1 1 < 2 [2^J , as noted in ^J. This leads to interval / and the first statement 
of the Theorem. 

Let q' = 2^"^+^)/^. Let ai be an odd integer and let 02 be any integer 
divisible by q', and put 6 = (02 + 2g)^ — Aqaf. We will show that 6 is not 
a square in Z2. Consider first the case where 02 = q'u, u odd. Recall that 
{q'Y = 2q. Then 6 /2q = — 2a\ mod 8. As = = 1 mod 8 we get 
5 /2q = 7 mod 8 and 5 is not a square in Z2. If 02 = 2q'u, u odd, then 
5/4:q = 2u'^ — a\ is odd. Again 5 is not a square in Z2 as 5 = 2^m where r 
is odd and m is a unit. Finally, if 02/^' = mod 4 then 5/2q = —2a\ = —2 
mod 8, so 5 is again not a square in Z2. 

If, now we assume further that ai E J then there exists an integer 02 such 
that 02,02 + q' satisfy conditions (a) and (b) of Theorem IHl By the above 
argument they also satisfy condition (d). We will show that at least one of 
them satisfies condition (c). 

Suppose neither of them satisfies condition (c). Let A (6) = a\ — Ah + 8q. 
If A(a2) = "U^, A(a2 + q') = v"^ for positive integers u,v then v? — v"^ = 
4q'. It follows that u — v = 2^,u + v = 2'^ for some integers r, s, where 
r + s = (m + 5)/2. So v = 2^^^ — 2^^^. However, since a\ is odd, it 
follows that = A(a2 + q') is also odd, so v is odd and thus r = 1 and 
s = (m + 3)/2 which implies that u = q' + 1 and so = A(a2) = = 1 
mod 2q'. Since ai = 3 mod 4 it follows that ai = —1 mod q'. On the 
other hand |ai| < 4^ = 2\^q', and we conclude that ai = —1 + nq', 
where n G {0, ±1,±2}. We can then conclude that there exists a possibly 
different integer 02 such that 02, ^2 + q', 12 + 2q' satisfy conditions (a) and 
(b) of Theorem ini By the above argument they also satisfy condition (d). 
We proceed to show that at least one of them also satisfy condition (c). If 
none of them satisfies condition (c) then we can apply the above argument to 
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both pairs 02, 02 + (f and + g', + 2g', but u, v were uniquely determined 
in terms of g' above so we cannot have two such pairs. The Theorem now 
follows from Theorem IHl □ 



Here are the lists of weights in a few cases. Again we note that the weights 
are not necessarily all the even numbers in an interval, as illustrated by the 
q = 2^^ case. 



Q 


2^ 


29 


211 


I 


[42,85] 


[211,300] 


[934,1113] 


J 


[47, 80] 


[219,292] 


[945, 1102] 


weights in / \ J 


46, 


216,218, 


938,942,944, 




82,84 


294,296 


1104,1106 



We do not have a precise description of the weights in / \ J, unlike the m 
even case. The entries in the table for I \J were determined by computer. 
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